Win XP SP2 PEB ISbeingdebugged Shellcode

Win XP SP2 PEB ISbeingdebugged Shellcode: Posted Dec 15, 2009; Win XP SP2 PEB ISbeingdebugged shellcode.; tags | shellcode; SHA-256 | e3f4f7b3bb985800be2f3ce6618825112c86102ee30f83e92325664af97f6588; Download | Favorite | View

Win XP SP2 PEB ISbeingdebugged Shellcode

#name: win xp sp2 PEB ISbeingdebugged shellcode

#Author: REMOVED AT REQUEST OF AUTHOR

#Contact: REMOVED AT REQUEST OF AUTHOR

#Date: 14.12.2009.

here is the ASM code made using masm32


if program is being run under debugger the shellcode wil start beeping :D 
//////////////////////begin///////////////////////////////////////

.386
.model flat, stdcall
option casemap :none
INCLUDE   C:\MASM32\INCLUDE\WINDOWS.INC
INCLUDE   C:\MASM32\INCLUDE\KERNEL32.INC
INCLUDE   C:\MASM32\INCLUDE\USER32.INC
INCLUDE   C:\MASM32\INCLUDE\MASM32.INC
INCLUDELIB  C:\MASM32\LIB\KERNEL32.LIB
INCLUDELIB  C:\MASM32\LIB\USER32.LIB
INCLUDELIB  C:\MASM32\LIB\MASM32.LIB


    .data
ExitMsg  DB "Enter to Exit", 0

  .code
 start:
assume fs:nothing
mov eax,fs:[30h]
mov     eax, [eax+02h]
mov ebx, 7FFF8000h
add ebx,7FFF8000h
inc ebx
push 300h
push 200h
mov edx,7c837a8fh
cmp eax,ebx
jnz exit
call edx
exit:
invoke ExitProcess,NULL


end start


/////////////////////////////end///////////////////////////////

here is the dump of code using olly debugger


00401000 >/$ 64:A1 30000000 MOV EAX,DWORD PTR FS:[30]
00401006  |. 8B40 02        MOV EAX,DWORD PTR DS:[EAX+2]
00401009  |. BB 0080FF7F    MOV EBX,7FFF8000
0040100E  |. 81C3 0080FF7F  ADD EBX,7FFF8000
00401014  |. 43             INC EBX
00401015  |. 68 00030000    PUSH 300                                 ; /Duration = 768. ms
0040101A  |. 68 00020000    PUSH 200                                 ; |Frequency = 200 (512.)
0040101F  |. BA 8F7A837C    MOV EDX,kernel32.Beep                    ; |
00401024  |. 3BC3           CMP EAX,EBX                              ; |
00401026  |. 75 02          JNZ SHORT antidebu.0040102A              ; |
00401028  |. FFD2           CALL EDX                                 ; \Beep
0040102A  |> 6A 00          PUSH 0                                   ; /ExitCode = 0
0040102C  \. E8 01000000    CALL <JMP.&kernel32.ExitProcess>         ; \ExitProcess
00401031     CC             INT3
00401032   .-FF25 00204000  JMP DWORD PTR DS:[<&kernel32.ExitProcess>;  kernel32.ExitProcess






here is the shellcode
\x64\xA1\x30\x00\x00\x00\x8B\x40\x02\xBB\x00\x80\xFF\x7F\x81\xC3\x00\x80\xFF\x7F\x43\x68\x00\x03\x00\x00\x68\x00\x02\x00\x00\xBA\x8F\x7A\x83\x7C\x3B\xC3\x75\x02\xFF\xD2\x6A\x00\xE8\x01\x00\x00\x00\xCC\xFF\x25\x00\x20\x40\x00

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Win XP SP2 PEB ISbeingdebugged Shellcode

Win XP SP2 PEB ISbeingdebugged Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Win XP SP2 PEB ISbeingdebugged Shellcode

Share This

Win XP SP2 PEB ISbeingdebugged Shellcode

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems